Versions Compared

Old Version 4

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When users log in to the IAM Shop, they can view the pages and controls that their roles permit access to. (See Granting Access to the IAM Shop for a list of these roles and the access they grant.) For example, the image below shows pages and controls viewable to a user with full access to Resource Admin.

...

IAM Shop Controls

With access to the IAM Shop, users can request roles and other resources provided by the organization. The process of requesting access to resources is called submitting a Business Request. The IAM Shop application features various controls to accommodate users' needs, as detailed in the table below. Please note that not all users will see all controls, as it depends on their access to the IAM Shop.

...

Control

...

Description

...

Navigation Sidebar

...

Allows users to navigate from the IAM Shop to other EmpowerID applications

...

Resource Panel

...

Provides a grid or card view of the resources the user can request. Each record can be clicked to open a pane containing an Overview of the request and a Process Steps view from which users can see how far along the approval process the request is. Users can view and add comments here as well.

...

Shopping Cart

...

The shopping cart contains requested business items the user has requested but not yet submitted. Users who are shopping for themselves and others will see multiple shopping carts, one containing their items and the others containing items requested for others.

...

Manage Access Page

...

The Manage Access page provides users with views of their current access, filtered by the selected resource type (Management Roles in the below image). Users caccess this page by selecting Manage Access. Once on the page, they can submit requests to revoke their access to a given resource item by clicking the Revoke button.

...

...

Workflows Page

...

Provides a list of workflows the current user can initiate against the selected resource type. The below image shows workflows that can be initiated against groups. Users must have access to the page and the right to initiate the workflows to see them in the IAM Shop.

...

Filter Pane

...

Provides filters to allow users to selectively filter the resources they see.

...

Filters

...

Resource Type

...

Filter available resources by resource type. Available resource types include:

  • Groups

  • Business Roles

  • Applications

  • Azure Licenses

  • Azure Roles

  • Management Roles

  • Mailboxes

  • Shared Folders

  • Computers

  • Credentials

...

Shopping For

...

Shop for yourself or another person.

...

Show Only Pre-Approved

...

Filter to show only resources user is pre-approved to receive via Eligibility policies. This filter appears only when shopping for groups, Business Roles, Management Roles, and computers.

...

Suggest Additional Resources

...

Filter to show additional resources suggested for the user via Eligibility policies. This filter appears only when shopping for groups, Business Roles, and Management Roles.

...

Target System

...

Filters available Application Roles based on the selected Account Store Type and/or Account Store.

  • Select Account Store Type allows users to filter groups to display only those belonging to Account Stores configured with the selected Account Store Type. Account Store Type is a configurable setting that can be used to logically categorize Account Stores.

  • Select Account Store allows users to filter groups to display only those belonging to the selected Account Store. To be a filter option, Account Stores must have the Is Visible in IAM Shop property set to true. The filter is used in conjunction with the selected Account Store Type filter to display groups belonging to the selected account store. Groups existing in other account stores are excluded.

    Image Removed

...

Applications

...

Filter to show only the groups or roles that can be requested for a specific application. This filter appears only when shopping for groups, Business Roles, and Management Roles.

...

Business Domains

...

Filter available roles by Business Domain. This filter appears only when shopping for Business Roles and Management Roles.

...

Business Functions

...

Filter available groups and roles by Business Functions. This filter appears only when shopping for groups, Business Roles, and Management Roles.

...

...

Rights

...

Filter available roles by external system rights granted to those roles. This filter appears only when shopping for groups, Business Roles, and Management Roles.

...

Application Processes

...

Filters available groups based on the selected process. This filter appears only when shopping for groups.

...

Shop by Reference Person

...

Filters available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources of the referenced person. The user shopping must be able to view the reference person and have the same eligibility to see that person’s resources.

...

Advanced Search

...

Provides advanced search capabilities to further filter resources.

Shopping for resources

...

Shopping for resources

Users visit the IAM Shop to request resources for which they are eligible or to activate resource assignments they have been preapproved for. This action of requesting access to resources is referred to as creating or submitting a "Business Request." After a Business Request is submitted, EmpowerID routes it for approval according to the Approval Flow policies set up for the specifically requested resource.

...

  1. The user accesses the IAM Shop and filters the available resources to those for which that user is shopping.

  2. The user clicks the Request Access button for a specific resource, which opens a panel with more information about the resource and options for requesting access.

    Image RemovedImage Added

  3. Users then click Add to Cart to add the requested resource to their cart.

  4. When ready to review the items in their carts, users click the cart icon to open the shopping cart.

    Image RemovedImage Added

  5. When ready to submit their requests for approval, users do the following:

    • Enter a Business Request Name.

    • Optionally select a due date.

    • Optionally add a comment.

    • Click Submit.

  6. Once successfully submitted, a window appears stating that the cart was successfully submitted with a link to track the request's status.

  7. Clicking the link directs the user’s browser to the My Request page of the My Tasks application with the Overview card for the request open. Overview cards allow users to view details about their requests and the number of approvals needed for access to be granted.

    Image RemovedImage Added


Shopping for Resources and Risk Violations

...